syncope-dev mailing list archives

From Francesco Chicchiriccò <ilgro...@apache.org>
Subject Re: [DISCUSS] SAML 2.0 Service Provider feature
Date Tue, 07 Mar 2017 16:25:52 GMT
On 07/03/2017 17:19, Colm O hEigeartaigh wrote:
> Hi Francesco,
>
> It's good to see support for SAML coming to Syncope. I'd encourage you to
> re-use the functionality developed in CXF to validate the SAML Response
> from the IdP:
>
> https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLProtocolResponseValidator.java
> https://github.com/apache/cxf/blob/master/rt/rs/security/sso/saml/src/main/java/org/apache/cxf/rs/security/saml/sso/SAMLSSOResponseValidator.java
>
> I spent a lot of time reading the specs and making sure the validation
> rules were all followed :-)

That's very nice, thanks for the pointers!
Regards.

> On Tue, Mar 7, 2017 at 11:00 AM, Francesco Chicchiriccò <ilgrosso@apache.org> wrote:
>> On 07/03/2017 11:56, Sergey Beryozkin wrote:
>>
>>> Hi Francesco
>>>
>>> Not sure if it can be relevant for this work but at the CXF level we have
>>> this SAML SP support:
>>>
>>> http://cxf.apache.org/docs/saml-web-sso.html,
>>>
>>> something Colm and myself worked upon earlier on.
>>>
>> Thanks for the pointer, Sergey: I did already find it, though.
>>
>> This does not completely fit in our scenario since here the idea is to
>> split the responsibilities in two: from one side the front-end web-fragment
>> takes care of the SAML exchange, from the other side the Syncope core (e.g.
>> the CXF application) works as back-end for the effective SAML assertion
>> validation and generation.
>>
>> I'll look at the provided page and related implementation, anyway, thank
>> you very much indeed.
>>
>> FYI, this class
>>
>> https://github.com/apache/wss4j/blob/trunk/ws-security-common/src/main/java/org/apache/wss4j/common/saml/OpenSAMLUtil.java
>>
>> has already been extremely useful to me, since OpenSAML 3 documentation is
>> practically absent.
>>
>> Regards.
>>
>> On 07/03/17 10:49, Francesco Chicchiriccò wrote:
>>>> Hi all,
>>>> I have made a proposal at [1] and opened SYNCOPE-1041 for the purpose.
>>>>
>>>> I am already working on it, and it should be ready on time for Syncope
>>>> 2.0.3.
>>>>
>>>> The idea is to embed the whole implementation in a PR, with the option of
>>>> further discussing before merge.
>>>>
>>>> Also, I would like to include, in the 2.0.3 release notes, a public
>>>> "thank you" statement to the University of Helsinki similar to the one
>>>> we made for 1.1.0 [2].
>>>>
>>>> WDYT?
>>>> Regards.
>>>>
>>>> [1] https://cwiki.apache.org/confluence/display/SYNCOPE/%5BDISCUSS%5D+SAML+2.0+Service+Provider+feature
>>>> [2] https://cwiki.apache.org/confluence/display/SYNCOPE/Ad+libitum#Adlibitum-1.1.0(April5th,2013)

-- 
Francesco Chicchiriccò

Tirasa - Open Source Excellence
http://www.tirasa.net/

Member at The Apache Software Foundation
Syncope, Cocoon, Olingo, CXF, OpenJPA, PonyMail
http://home.apache.org/~ilgrosso/

